[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Keying Material

To: "'Amol Deshmukh'" <adeshmukh@pace.stpp.soft.net>, <ipsec@lists.tislabs.com>
Subject: RE: Keying Material
From: "Rajesh Mohan" <rajeshmn@future.futsoft.com>
Date: Thu, 1 Aug 2002 20:10:30 +0530
Importance: Normal
In-Reply-To: <MDEJLHMEAJPNHKAIJCHKCECCDAAA.stephane@cisco.com>
Reply-To: <rajeshmn@future.futsoft.com>
Sender: owner-ipsec@lists.tislabs.com

Amol,

I would recommend you start with OpenBsd implementation. It definetly prints
SKEYID and IV updates to log file. isakmpd man pages will tell you how to
turn on log messages.

HTH,
-Rajesh M




> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Stephane Beaulieu
> Sent: Thursday, August 01, 2002 6:42 PM
> To: Amol Deshmukh; ipsec@lists.tislabs.com
> Subject: RE: Keying Material
>
>
> Amol,
>
> We used to have bakeoffs to deal with such issues.
> Unfortunately, bakeoffs
> are rare these days because most vendors achieved good basic
> interoperability years and years ago.
>
> Probably the easiest way to do this is to try sending packets
> through and
> turning on debugging on the Cisco device.  It won't give you
> the keys, but
> it'll tell you if authentication and/or decryption fail.
>
> If your keys are incorrect, try and try again.
>
> You might also want to try and interop with some of the open
> source IPsec
> implementations.  You can probably modify their code to spew
> out the keys
> you're looking for.
>
> Good luck,
> Stephane.
>
> > -----Original Message-----
> > From: owner-ipsec@lists.tislabs.com
> > [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Amol Deshmukh
> > Sent: Thursday, August 01, 2002 1:40 AM
> > To: ipsec@lists.tislabs.com
> > Subject: Keying Material
> >
> >
> > Hi,
> >     I am trying to interop, our IKE implementation with Cisco.
> >     From the keying material generated, the keys for
> > encryption/authentication are created. There is no way to
> find out if the
> > keys generated at both ends are the same.
> >     Could anyone please help me in this.
> >
> > Thanks in advance,
> > -Amol.
> >
>

***************************************************************************
This message is proprietary to Future Software Limited (FSL) 
and is intended solely for the use of the individual to whom it
is addressed. It may contain  privileged or confidential information 
and should not be circulated or used for any purpose other than for 
what it is intended. 

If you have received this message in error, please notify the
originator immediately. If you are not the intended recipient,
you are notified that you are strictly prohibited from using,
copying, altering, or disclosing the contents of this message. 
FSL accepts no responsibility for loss or damage arising from 
the use of the information transmitted by this email including
damage from virus.
***************************************************************************

Follow-Ups:
- Re: Keying Material
  - From: "Suresh Singh K." <sureshsingh.keisam@analog.com>

References:
- RE: Keying Material
  - From: "Stephane Beaulieu" <stephane@cisco.com>

Prev by Date: Re: CERT REQ payload Handling Clarification
Next by Date: Re: CERT REQ payload Handling Clarification
Prev by thread: RE: Keying Material
Next by thread: Re: Keying Material
Index(es):
- Date
- Thread